Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 510
Alerts This Week
Warning Icon 1 510

SUSE: 2019:0740-1 Important Kernel Live Patch Rectifies Multiple Issues

suse
Calendar Grey March 26, 2019
Dist Suse Esm H88
SUSE update for Live Patching addresses kernel issues, ensuring system stability and security while fixing multiple threats.
An update that fixes 5 vulnerabilities is now available

Summary

This update for the Linux Kernel 4.12.14-25_3 fixes several issues. The following security issues were fixed: - CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378). - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284). - CVE-2018-12232: In net/socket.c there was a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions.

References

#1124729 #1124734 #1126284 #1127757 #1128378

Cross- CVE-2018-12232 CVE-2019-6974 CVE-2019-7221

CVE-2019-8912 CVE-2019-9213

Affected Products:

SUSE Linux Enterprise Module for Live Patching 15

https://www.suse.com/security/cve/CVE-2018-12232.html

https://www.suse.com/security/cve/CVE-2019-6974.html

https://www.suse.com/security/cve/CVE-2019-7221.html

https://www.suse.com/security/cve/CVE-2019-8912.html

https://www.suse.com/security/cve/CVE-2019-9213.html

https://bugzilla.suse.com/1124729

https://bugzilla.suse.com/1124734

https://bugzilla.suse.com/1126284

https://bugzilla.suse.com/1127757

https://bugzilla.suse.com/1128378

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2019:0740-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.